armv8.1-m: Add task dedicated PAC key
To harden the security, each task is assigned a dedicated PAC key, so that attackers needs to guess the all the tasks' PAC keys right to exploit the system using Return Oriented Programming.
The kernel is now updated to support the following:
* A PAC key set with a random number generated and is saved in the task's context when a task is created.
* As part of scheduling, the task's PAC key is stored/restored to/from the task's context when a task is unscheduled/scheduled from/to run.
stack-overflow-check: Introduce portGET_CURRENT_TOP_OF_STACK macro
When MPU wrapper v2 is used, the task's context is stored in TCB and `pxTopOfStack`` member of TCB points to the context location in TCB. We, therefore, need to read PSP to find the task's current top of stack.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
The PACBTI is an optional hardware security feature,
the current implementation assumes that every SoC that
has Armv8.1-M architecture extension, has the PACBTI
hardware feature, which does not have to be the case.
Hence, the `portHAS_PACBTI_FEATURE` is removed
and the implementation is modified to rely on
`configENABLE_PAC` and `configENABLE_BTI` macros
that can either be set using CMake or FreeRTOSConfig.h
header file.
Enabling PAC and/or BTI on a port variant that
doesn't have the PACBTI hardware feature would be
caught by a `configASSERT` statement.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Tony Josi <tonyjosi@amazon.com>
* copyright-checker: Add FreeRTOS Arm collab copyright
FreeRTOS Arm collab files shall have both Amazon's
and Arm's copyright headers. Hence, the copyright
checker is modified to check for both copyrights.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* armv8-m: Add support for IAR with TFM FREERTOS PORT
As the case for ARMClang, and GCC toolchains, IAR
with TFM FreeRTOS Port support is added.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* armv8-m: Do not overwrite Control register value
The current ARMv8-M FreeRTOS-Kernel Port code
implementation is modified in a way that allows
the CONTROL register's value to be retained
rather than being overwritten.
This is needed for adding PACBTI support as
the special-purpose CONTROL register `PAC_EN`,
`UPAC_EN`, `BTI_EN`, and `UBTI_EN` PACBTI
enablement bits should be configured before calling
`vRestoreContextOfFirstTask()` function which currently
overwrite the value inside the CONTROL register.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* armv8.1-m: Add PACBTI support to kernel non-secure implementation
In this commit, Pointer Authentication, and Branch Target
Identification Extension (PACBTI) support is added for
Non-Secure and Non-TrustZone variants of Cortex-M85
FreeRTOS-Kernel Port.
The PACBTI support is added for Arm Compiler For
Embedded, and IAR toolchains only. The support in
the kernel is not yet enabled for GNU toolchain
due to known issues.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
* Fix CI check
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
---------
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Ahmed Ismail <ahmism01@e133373.arm.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
Support for 16 MPU regions was added to Cortex-M33, M35P, M55 and M85
ports was added but the compile time error check was not removed. This
results in compilation error when 16 MPU regions are used. This PR
removes the not needed compile time error check.
It was reported here - https://forums.freertos.org/t/cortex-m55-and-16-region-mpu-support/21470.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
FreeRTOS MPU: Add privileged execute never MPU attribute
A new MPU region attribute Privileged eXecute Never (PXN)
is introduced in Armv8.1-M architecture, where if an MPU
region has PXN attribute set and the processor attempts
to execute the code inside with privileged level,
the Memory Management Fault exception would be triggered,
with IACCVIOL bit in MemManage Fault State Register set
to 1. The PXN feature allows privileged software to ensure
specific application tasks (threads) to execute in
unprivileged level only.
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Add a check for configENABLE_MVE to M23, M33 ports
configENABLE_MVE is only applicable to Cortex-M55 and Cortex-M85 ports.
It must not be defined to 1 for other ARMv8_m ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Use new version of CI-CD Actions
* Use cSpell spell check, and use ubuntu-20.04 for formatting check
* Format and spell check all files in the portable directory
* Remove the https:// from #errors and #warnings as uncrustify attempts to change it to /*
* Use checkout@v3 instead of checkout@v2 on all jobs
---------
* Armv8-M: Formatting changes
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
* Armv8-M: Add support for interrupt priority check
FreeRTOS provides `FromISR` system calls which can be called directly
from interrupt service routines. It is crucial that the priority of
these ISRs is set to same or lower value (numerically higher) than that
of `configMAX_SYSCALL_INTERRUPT_PRIORITY`. For more information refer
to https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html.
Add a check to trigger an assert when an ISR with priority higher
(numerically lower) than `configMAX_SYSCALL_INTERRUPT_PRIORITY` calls
`FromISR` system calls if `configASSERT` macro is defined.
In addition, add a config option
`configQEMU_DISABLE_INTERRUPT_PRIO_BITS_CHECK` to disable interrupt
priority check while running on QEMU. Based on the discussion
https://gitlab.com/qemu-project/qemu/-/issues/1122, The interrupt
priority bits in QEMU do not match the real hardware. Therefore the
assert that checks the number of implemented bits and __NVIC_PRIO_BITS
will always fail. The config option
`configQEMU_DISABLE_INTERRUPT_PRIO_BITS_CHECK` should be defined in the
`FreeRTOSConfig.h` for QEMU targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
* Use SHPR2 for calculating interrupt priority bits
This removes the dependency on the secure software to mark the interrupt
as non-secure.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
---------
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
* Add supposrt for ARM CM55
* Fix file header
* Remove duplicate code
* Refactor portmacro.h
1. portmacro.h is re-factored into 2 parts - portmacrocommon.h which is
common to all ARMv8-M ports and portmacro.h which is different for
different compiler and architecture. This enables us to provide
Cortex-M55 ports without code duplication.
2. Update copy_files.py so that it copies Cortex-M55 ports correctly -
all files except portmacro.h are used from Cortex-M33 ports.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add support for 16 MPU regions to GCC Cortex-M33 TZ port
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add support for 16 MPU regions to Cortex-M33 NTZ GCC port
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Use cast to fix warnings.
* Remove all empty definitions of portCLEAN_UP_TCB( pxTCB ) and
portALLOCATE_SECURE_CONTEXT( ulSecureStackSize ) from ports.
When these are undefined, the default empty definition is defined
in FreeRTOS.h.
* Style: Change FreeRTOS websites in comments
* Style: Change freertos to FreeRTOS in comments
* Style: Remove broken link
Co-authored-by: Alfred Gedeon <gedeonag@amazon.com>
